Customize the Vault UI Login

Is there a way to either filter login options or update the default choice off of “token” for user logins? Form a usability perspective I’m merely looking to see if there is a way to “default” the preferred login method.

Hello! There is a way to make auth methods discoverable to unauthenticated users - tuning that value to “unauth” will result in a new tab in front of the default tab that contains the selector for all of the possible auth methods. There will be a tab for each method that is tuned that way and users will not have to input the path as that will be available in the request.

Hope this helps!

To be clear, you have linked me to sys/mounts… should it insdtead be sys/auth? both seem to have that value available.

Than you in advanced.

You can set it either place - either when enabling or when you tune the mount - both secret engines and auth methods can be tuned via the sys/mounts/tune endpoint, the path for the auth mount need to be prefixed with “auth”.

The corresponding auth endpoint requires sudo capabilities so I linked to the sys/mounts one. See the note here:

Thank you again for clarification.

For any casual browser, my updates:

  1. This value can be set with a curl command (as linked), but also directly from the UI for those uncomfortable (as long as you have permissions). Hop into Authentication Methods, the auth of choice, then the configuration tab and check the box List method when unauthenticated.

  2. What this actually does is set a tab-view for each revealed auth method. At minimum it means you end up with three tabs:

  • auth of choice
  • other (the original view)

I have not seen anyway to setup which “tab” is the default tab open. It seems to always default to other.